When a user belongs to an high number of groups (>65), he is unable to logon to the domain, and causes a Panic in Samba. Using ldap backend (openldap-2.2.13-2) in a FC2 with 2.6.10-1.770_FC2 Glibc 2.3.3. ( but happens with other combinations also) This also happens with latest samba version 3.0.22. =============================================================== [2006/04/02 20:18:56, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 3504 (3.0.22) Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/04/02 20:18:56, 0] lib/fault.c:fault_report(39) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2006/04/02 20:18:56, 0] lib/fault.c:fault_report(40) =============================================================== [2006/04/02 20:18:56, 0] lib/util.c:smb_panic2(1554) PANIC: internal error [2006/04/02 20:18:56, 0] lib/util.c:smb_panic2(1562) BACKTRACE: 37 stack frames: #0 smbd(smb_panic2+0x120) [0x808c10] #1 smbd(smb_panic+0x28) [0x808ae8] #2 smbd [0x7f2a77] #3 /lib/tls/libc.so.6 [0x43af48] #4 /lib/tls/libc.so.6(__libc_free+0x8b) [0x47672b] #5 /lib/tls/libc.so.6(initgroups+0x16f) [0x497bdf] #6 smbd [0x7e3634] #7 smbd [0x7e3835] #8 smbd [0x7e39a4] #9 smbd(pdb_default_enum_group_memberships+0x34) [0x7e3b24] #10 smbd [0x7d3010] #11 smbd [0x7c3f30] #12 smbd(pdb_enum_group_memberships+0x4e) [0x7c602e] #13 smbd [0x84be01] #14 smbd [0x84bf7a] #15 smbd(make_server_info_sam+0x16c) [0x84c2cc] #16 smbd [0x8469db] #17 smbd [0x846d1e] #18 smbd [0x843d82] #19 smbd(_net_sam_logon+0xce1) [0x718d11] #20 smbd [0x715fab] #21 smbd(api_rpcTNP+0x18a) [0x76132a] #22 smbd(api_pipe_request+0xfa) [0x7610aa] #23 smbd [0x759792] #24 smbd [0x7599f0] #25 smbd [0x75a0e8] #26 smbd [0x75a3b6] #27 smbd(write_to_pipe+0x127) [0x75a2e7] #28 smbd(reply_pipe_write_and_X+0x139) [0x678bc9] #29 smbd(reply_write_and_X+0x43d) [0x6812ad] #30 smbd [0x6b7fc4] #31 smbd [0x6b8223] #32 smbd(process_smb+0xa4) [0x6b8474] #33 smbd(smbd_process+0x17d) [0x6b94fd] #34 smbd(main+0x591) [0x8a5931] #35 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x428ad4] #36 smbd [0x64c102]
this very much sounds like a glibc problem. Can you try to 'su -' to that user? Does that work? Volker
With [root@lnxvm root]# groups user.name user.name : Domain Users AR-INF-AdmPub AR-INF-ARQUIVO AR-INF-IEH AR-INF-XST AI-IUTICE AR-LSB-DRI_Blaise AR-LSB-DRI_G_Respondente AR-LSB-DRI_Spis AR-LSB-DRI_Webinq AR-LSB-G_Amostras DI-LSB-Bombeiros DI-LSB-Cinema DI-LSB-ECPC DI-LSB-Galerias DI-LSB-Hindustria DI-LSB-IEGPA DI-LSB-IUTIC_E DI-LSB-IUTIC_H DI-LSB-IUTICE DI-LSB-La DI-LSB-Museus DI-LSB-ONGA DI-LSB-PubPer DI-LSB-Recintos DI-LSB-SIGIM DI-EVR-Bombeiros DI-EVR-Cinema DI-EVR-EspVivo DI-EVR-Galerias DI-EVR-Hindustria DI-EVR-La DI-EVR-Museus DI-EVR-ONGA DI-EVR-PubPer DI-EVR-Recintos DI-EVR-SIGIM OR-DRI.MSR AI-IEH AR-LSB-DRI_IE_FolhasObra DI-LSB-Hospitais DI-LSB-IPSS DI-LSB-SocMutuos DI-LSB-XST AI-AssPatronais AI-Bibliotecas AI-Bombeiros AI-Cinema AI-EspVivo AI-Galerias AI-Hospitais AI-ICT AI-IPSS AI-Museus AI-ONGA AI-PubPer AI-Recintos AI-SIGIM AI-SocMutuos AI-IUTIC_E AI-IUTICE-J DI-INF-IEH DI-LSB-IUTICE-J AR-LSB-DRI_IE_DOC_TECNICA-RO AR-LSB-DRI_MSR_GESTAO AR-LSB-DRI_RD_FICHAS AR-LSB-DRI_MSR_FONTES DI-LSB-IEH DI-LSB-PGRESP AI-PGRESP DI-EVR-PGRESP DI-EVR-XST AI-XST Su'ing: [root@lnxvm root]# su - user.name [root@lnxvm root]# whoami root In /var/log/messages: Apr 2 23:52:34 lnxvm su(pam_unix)[3160]: session opened for user user.name by root(uid=0) Apr 2 23:52:34 lnxvm su[3163]: nss_ldap: could not get LDAP result - Can't contact LDAP server Apr 2 23:52:34 lnxvm su(pam_unix)[3160]: session closed for user user.name [root@lnxvm root]# service ldap status slapd (pid 3155) is running... [root@lnxvm root]#
So su - user.name failed. Just to make sure: Can you take that user out of a couple of groups and see if it works then? If it does, then this is not a Samba but a libc problem. Another reason for su - failing is to have for example /bin/false as a login shell. Thanks, Volker
Reducing the number of groups the user belongs to "fixes" the issue. So, next step would be to update Glibc. And if problem persists? Any advice? TIA. Bruno Guerreiro
If the problem persists, re-open the bug :-) Volker
(In reply to comment #5) > If the problem persists, re-open the bug :-) > > Volker > No need to re-open. INFO: The problem was nss_ldap. Upgrading it solved the issue.